content/security/cves/CVE-2007-0239.html - openoffice-org - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <title>CVE-2007-0239</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>

 </head>
 <body>
 <h2>CVE-2007-0239</h2>
 <h3>URL Handling Security Vulnerability (Linux/Solaris)</h3>
 <ul>
   <li> <strong>Synopsis: </strong>The OpenOffice.org URL handler could allow command execution using shell metacharacters in Linux and Solaris.
   <li> <strong>State: </strong>Resolved for Linux.
 </ul>
 <h4>1. Impact</h4>
 <p>If a user running OpenOffice.org from a shell terminal in Linux or Solaris opens an untrusted URL, malicious code could be arbitrarily executed on the user's computer. </p>
 <p> This issue is also described in<br>
   CVE-2007-0239, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-239">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-239</a><br>
   Issue ID#: 58013, 72543</p>
 <h4>2. Affected releases </h4>
 <p>All 2.x versions prior to OpenOffice.org 2.2 for Linux and Solaris </p>
 <p>All 1.x versions for Linux and Solaris. </p>
 <h4>3. Symptoms</h4>
 <p>There are no predictable symptoms that would indicate the described issue has been exploited.</p>
 <h4>4. Relief/Workaround</h4>
 <p>There is no workaround. See &quot;Resolution&quot; below. </p>
 <h4>5. Resolution</h4>
 <p>This issue is addressed in the following releases:</p>
 <p><strong>OpenOffice.org 1.5 Patch, OpenOffice.org 2.2 for Linux (affected system) </strong></p>
     <hr />
     <p>
       <a href="//security/">Security Home</a> ->
         <a href="//security/bulletin.html">Bulletin</a> ->
         <a href="//security/cves/CVE-2007-0239.html">CVE-2007-0239</a>
     </p>

 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
	"http://www.w3.org/TR/html4/loose.dtd">
	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>CVE-2007-0239</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>

	</head>
	<body>
	<h2>CVE-2007-0239</h2>
	<h3>URL Handling Security Vulnerability (Linux/Solaris)</h3>
	<ul>
	<li> <strong>Synopsis: </strong>The OpenOffice.org URL handler could allow command execution using shell metacharacters in Linux and Solaris.
	<li> <strong>State: </strong>Resolved for Linux.
	</ul>
	<h4>1. Impact</h4>
	<p>If a user running OpenOffice.org from a shell terminal in Linux or Solaris opens an untrusted URL, malicious code could be arbitrarily executed on the user's computer. </p>
	<p> This issue is also described in<br>
	CVE-2007-0239, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-239">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-239</a><br>
	Issue ID#: 58013, 72543</p>
	<h4>2. Affected releases </h4>
	<p>All 2.x versions prior to OpenOffice.org 2.2 for Linux and Solaris </p>
	<p>All 1.x versions for Linux and Solaris. </p>
	<h4>3. Symptoms</h4>
	<p>There are no predictable symptoms that would indicate the described issue has been exploited.</p>
	<h4>4. Relief/Workaround</h4>
	<p>There is no workaround. See "Resolution" below. </p>
	<h4>5. Resolution</h4>
	<p>This issue is addressed in the following releases:</p>
	<p><strong>OpenOffice.org 1.5 Patch, OpenOffice.org 2.2 for Linux (affected system) </strong></p>
	<hr />
	<p>
	<a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a> ->
	<a href="//security/cves/CVE-2007-0239.html">CVE-2007-0239</a>
	</p>

	</body>
	</html>